By Cheryl Pellerin
American Forces Press Service
“Information technology provides us with critical advantages in all of our warfighting domains so we need to protect cyberspace to enable those advantages,”
said during an Oct. 14 Pentagon Channel interview. Lynn
Adversaries may be able to undermine the military’s advantages in conventional areas,
said, by attacking the nation’s military and commercial information technology, or IT, infrastructure. Lynn
This threat has “opened up a whole new asymmetry in future warfare,” the deputy defense secretary said.
DOD’s focus on cyberdefense began in 2008 with a previously classified incident in the
Middle East in which a flash drive inserted malware into classified military networks, said. Lynn
“We realized we couldn’t rely on passive defenses and firewalls and software patches, and we’ve developed a more-layered defense,” he said.
“There’s no agreed-on definition of what constitutes a cyberattack,”
said. “It’s really a range of things that can happen -- from exploitation and exfiltration of data to degradation of networks to destruction of networks or even physical equipment, physical property. What we’re doing in our defense cyberstrategy is developing appropriate responses and defenses for each of those types of attacks.” Lynn
One element of the strategy –- working with Homeland Defense to protect critical military and civilian IT infrastructure -– was put into place Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced a new agreement to work together on cybersecurity.
The agreement includes a formal mechanism for benefiting from the technical expertise of the National Security Agency, or NSA, which is responsible for protecting national security systems, collecting related foreign intelligence, and enabling network warfare.
Another element is what
calls a “layered defense, where you have intrusion detection and firewalls but you also have a … layer that helps defend against attacks.” Lynn
In his draft strategy,
describes the defense-layer component of cybersecurity in terms of NSA-pioneered systems that “automatically deploy defenses to counter intrusions in real time. Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the Lynn approach to network defense.” U.S.
And, since no cyberdefense system is perfect, DOD requires “multiple layers of defense that give us better assurance of capturing malware before it gets to us,” Lynn said.
“We need the ability to hunt on our own networks to get [intruders] that might get through and we need to continually improve our defenses,” he continued. “We can’t stand still. The technology is going to continue to advance and we have to keep pace with it.”
Envisioned attacks on military networks could impair military power, national security and the economy,
Enemy cyberattacks could deprive the military of the ability to strike with precision and communicate among forces and with headquarters, he said, and it could impair logistics or transportation networks and eliminate advantages that information technology has given military forces.
“Beyond that, cyberattacks conceivably could threaten the national economy if [adversaries] were to go after the power grid or financial networks or transportation networks, and that, too, would be a national security challenge,”
said. “And over the long run there’s a threat to our intellectual property … basically a theft of the life blood of our economy.” Lynn
Working more closely with allies is an important element of the strategy, he said, to ensure a shared defense and an early warning capability.
The NATO 2020 report rightly identified the need for the alliance’s new 10-year strategic concept -- a draft of which is an expected product of the 2010 NATO Summit slated for Nov. 19-20 in
–- to further incorporate cyberdefense concepts Lisbon, Portugal wrote about in Foreign Affairs. Lynn
As part of a public-private partnership called the Enduring Security Framework, Lynn wrote in his Foreign Affairs article, chief executive officers and chief technology officers of major IT and defense companies meet regularly with top officials from Defense, Homeland Security and the Office of the Director of National Intelligence.
DARPA also is working on the
, a simulated model of the Internet that will enable the military to test its cyberdefenses before deploying them in the field. National Cyber Range
The Pentagon’s IT acquisition process also has to change,
wrote in Foreign Affairs. It took Apple Inc. 24 months to develop the iPhone, he said, and at DOD it takes on average about 81 months to develop and field a new computer system after it is funded. Lynn
“The Pentagon is developing a specific acquisition track for information technology,”
wrote in Foreign Affairs, and it also is bolstering the number of cyberdefense experts who will lead the charge into the new cyberwar era. Lynn
The military’s global communications backbone consists of 15,000 networks and 7 million computing devices across hundreds of installations in dozens of countries,
wrote. More than 90,000 people work full time to maintain it, he said, but more are needed. Lynn
Through the establishment of U.S. Cyber Command and the bolstering of cybersecurity at other defense agencies “we’ve greatly increased the number of cyber professionals we have at DOD and will continue to increase that,”
told the Pentagon Channel.” Lynn